Microsoft Azure Open Management Infrastructure remote command execution
Added: 09/28/2021Background
Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.Problem
A vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP ExecuteShellCommand request without an Authorization header.Resolution
Upgrade to Open Management Infrastructure 1.6.8-1 or higher.References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/
Back to exploit index